How can you avoid future rootkit attacks? Find out what the experts have to say.

Kurt Dillard: There are a many countermeasures you can implement. Here are five of the most effective:

1. Avoid logging in with an account that has administrative privileges. You can use tools such as Window's built-in
RunAs or
MakeMeAdmin.
2. Run a dedicated firewall for your entire network as well as software firewalls distributed on each host, such as the
Windows Firewall (included with
Windows XP Service Pack 2).
3. Keep Windows and all of your other software up to date on patches and service packs by using tools such as
Automatic Updates if you only have a few systems. If you manage numerous computers, use
Windows Server Update Services.
4. Use modern antivirus software with the most current signature libraries. For more information about antivirus vendors, see the
Microsoft Antivirus Partners page.
5. Use up-to-date spyware protection tools such as Microsoft's
Windows AntiSpyware software.

For more ideas on minimizing the risk of getting hit by this type of malware take a look at my recent tech tips.

Lawrence Abrams: The most important step in security is to make every effort to prevent users from having to log in as an administrator to get their work done. Understandably, with the current Windows architecture, that is not always possible. When malware infects a computer, it runs at the same security level as the user logged in with. Therefore if that user is an administrator, the malware has administrative rights as well. This gives the malware full access to your computer.

Rootkits, whether from targeted or viral worms, can be prevented using the same best practices when trying to prevent other malware.

1.Use a firewall to block commonly hacked Windows TCP ports like 20, 21, 23, 80, 135, 139, 443 and 445. By blocking these ports from the outset, you will greatly reduce your risk of getting hacked in the first place. The best practice would be to block every port, and only map a port to a particular machine that needs it open. Most recent worms exploit vulnerabilities in programs that utilize these ports. If a computer needs to use one of the above ports, then the firewall should strictly specify which remote computers can connect to it via that port instead of making it wide open.
2. Furthermore, each computer should always have the latest security updates and be running an antivirus program that is updated daily. New definitions for antivirus software are released often, and it is important to always have the latest definition.
3. In addition to antivirus software, you should also have at least two antispyware applications, such as Spybot -- Search and Destroy, Webroot Software Inc.'s
Spy Sweeper or Lavasoft's Ad-Aware installed on your machine. Daily or weekly scans with the most recent updates should initiate automatically to take full advantage of the latest definitions.
4. Last but not least, teach users good practices. They should know not to click on Internet ads, links in instant messages from strangers and attachments that are from unknown people or appear strange. IT staff should immediately send out an e-mail to all staff users if a new worm is in the wild and describe the attachments, configuration or wording.

With a firewall in place, plus antimalware software, current security updates and good Internet guidelines for users, you should stay clear of these types of infections.

Kevin Beaver: As long as a computer is operated by a human or connected to a network, there's no definitive way to guarantee complete security. You can, however, install antispyware, rootkit detection and anomaly monitoring software to keep things locked down. Ideally, you'll install all three since you've already been burned once and want to avoid going through it again. In addition, it's clichÉ, but make sure you're disciplined in maintaining current patches on all operating systems and applications.

Start the conversation

0 comments

Register

I agree to TechTarget’s Terms of Use, Privacy Policy, and the transfer of my information to the United States for processing to provide me with relevant information as described in our Privacy Policy.

Please check the box if you want to proceed.

I agree to my information being processed by TechTarget and its Partners to contact me via phone, email, or other means regarding information relevant to my professional interests. I may unsubscribe at any time.